Cyber attack

Red_toad

Full Member
Joined
Oct 23, 2010
Messages
11,587
Location
DownUnder
If you can't notice malware on your systems for 6 months or that your backups (which you should be validating and test restoring) are no longer readable, then frankly you deserve what you get.
Oh I agree. It happens all the time though, some huge companies get caught out and end up paying, but they do a very good job in it going unnoticed. Feck knows where the money ends up, probably sustaining a few brutal dictators.
 

izec

Full Member
Joined
Sep 5, 2013
Messages
27,165
Location
Lucilinburhuc
Couldn't make it up. If there was one top club it had to happen to, it was of course us. Not surprised in a way, you can only laugh really.
 

Gasolin

Full Member
Joined
Dec 22, 2007
Messages
6,106
Location
NYC
So is that story confirmed? I still don’t get the piece about the email, what did they do exactly to not even allow emails to be used?
 

horsechoker

The Caf's Roy Keane.
Joined
Apr 16, 2015
Messages
51,392
Location
The stable
The club has released a statement

“Over the past five months we have posted a series of false stories to see if they made their way into the Sun newspaper. And you know what, they did! The story about Sancho signing, the story about Haaland and then the latest story about the club being hacked.

“It’s been tough keeping it to ourselves and not making any comment at all, especially when the stories have been leaked, however we had to. Now we know for certain which account/individual it’s come from.

“We have saved and screenshotted all the original stories which clearly show just one person has viewed them.

It’s …

Rebekah Vardy’s account.”
 

UmbroDays

Full Member
Joined
Aug 12, 2019
Messages
738
If you can't notice malware on your systems for 6 months or that your backups (which you should be validating and test restoring) are no longer readable, then frankly you deserve what you get.
"Dwell time", which is the time from when threat actors breach your system to the time you discover them, is around 200 days. It's not a United problem, there are bigger global companies that had the same. But where it seems we've lacked is processes and procedures to detect any threats. It's something in the industry we've seen turning slowly, but companies do not want to put £$£$ into proper cyber security plans. But in the long run it works out well for the likes of me and many others who have to get your hands dirty when companies are breached.

I wonder if United has in-house IT, outsourced, or co-managed? I'd imagine it would be in-house for the simple reason of eliminating an outsourced IT company snooping data or seeing privileged info. Most ransomware is initiated from an email or drive-by attack but if you're in the industry you know MSPs have become a top of the list target. It will be interesting to know whether any other high profile companies have also been infected around the same time. You're spot on about education of the users. The end user is the last line of defense in most networks. The problem with most in-house IT is they don't always have access to the best options for backup etc... without using a partner that would be able to provide something like Datto.

If true, there are either no backups or the threat actors had access to the network or an email account and have a data dump, which means they’re threatening to release data if the ransom is not paid.

The bit about not being able to use email does not make sense unless United hosts their own email server which is stupid in this day and age, or the compromised account was a global admin on O365 and they encrypted the email as well. Would not put it past United to skimp out on email backup either.
I mentioned earlier in the post that in 2018/2019 I saw a cyber security analyst/manager role I wanted to apply for, but I cannot remember the details. But I think their security and IT departments are outsourced.

Imagine not having remote secondary backup in 2020.



Is it legal to hack someone without their permission in the UK? I'd be very surprised if that was the case.
100% illegal unless you have given prior written consent. The white/grey hat hackers have permission or utilise an "ethical disclosure/bug hunting" program - where companies openly say try and hack xyz and we'll give you £$£$ if you do. It's mainly tech companies that do this though.

So is that story confirmed? I still don’t get the piece about the email, what did they do exactly to not even allow emails to be used?
Critical parts of the operating system would have been targeted, databases, etc. Also think if you own an office and someone breaks in - you can't just start working straight after as the doors may be broken, windows shattered, cables disrupted, etc. So I presume that's what's delaying things, but we have so little information it leads me to believe this is bigger than normal. We have NCSC involved, which is the cyber side of GCHQ. They don't do anything for non-government companies but act as an advisory for large and critical incident response situations, so I think we're completely overrun and had to call in governmental advisory.

We won't hear the full outcome from this for a few more months as we've advised ICO that no customer data was breached.

It appears the group that targeted us was RYUK, they've had payouts in the tens of millions and we already know we wouldn't spend 80 on Sancho, so I guess this will not be negotiated after a while and just will be a "start from fresh" approach. As this is occurring around the Transfer Window, I feel this will affect things in Jan.
 

Dave Smith

Full Member
Joined
Oct 14, 2019
Messages
2,506
Supports
Anything anti-Dipper
Curious as to what information they hacked? What could be so important to the club, that they pay up?
Plenty of things: 500k+ customer details with payment information.

Salary information

Health records

Emails with sensitive commercial information

Correspondence on new ventures i.e. European Super League etc.

Then you have the issue of whether someone somewhere has been bending the rules on something and now the hackers have proof of this.

All in all, I expect Utd to pay them a serious wedge as a serious leak could lead to much greater financial/PR problems.
 

mitchmouse

loves to hate United.
Joined
Oct 8, 2014
Messages
17,361
So now they are saying that the attackers know our transfer policy... good luck making any sense of it. Bit like a mind-reader looking into Woodward's head and getting lost in the vacuum
 

Red_toad

Full Member
Joined
Oct 23, 2010
Messages
11,587
Location
DownUnder
So now they are saying that the attackers know our transfer policy... good luck making any sense of it. Bit like a mind-reader looking into Woodward's head and getting lost in the vacuum
As we can't access the scouting information we received we're no longer able to purchase any players. That's January sorted then :(
 

UmbroDays

Full Member
Joined
Aug 12, 2019
Messages
738
Plenty of things: 500k+ customer details with payment information.

Salary information

Health records

Emails with sensitive commercial information

Correspondence on new ventures i.e. European Super League etc.

Then you have the issue of whether someone somewhere has been bending the rules on something and now the hackers have proof of this.

All in all, I expect Utd to pay them a serious wedge as a serious leak could lead to much greater financial/PR problems.
There were no customer details as the FCO AND ICO would have had to be notified and we informed them there were no customer details leaked.

All the rest, yea though.
 

UmbroDays

Full Member
Joined
Aug 12, 2019
Messages
738
Apparently stole our transfer plans! Not a big file then!
Haha as a fan I’d almost want them to release it just to see what we were planning. But it could feck things up if it says we plan to let Pogba go and he doesn’t know it yet.
 

Crustanoid

New Member
Joined
Feb 14, 2008
Messages
18,511
1) Be shit in the market
2) Take far too long
3) Save money for the Glazers

I don’t know what is so confidential about that
 

Maticmaker

Full Member
Joined
Nov 8, 2018
Messages
4,618
So now they are saying that the attackers know our transfer policy... good luck making any sense of it. Bit like a mind-reader looking into Woodward's head and getting lost in the vacuum
I agree... perhaps when the hackers have decoded it and sorted it out so it makes sense they will sell it back to us on a sale or return basis, the exchange can take place in a motorway services cafe... a brown envelope to be used, passed under the table, COD, no questions asked. Ed Woodward will make the exchange, he will be wearing a black trilby, and reading a copy of the Daily Mirror.
 

nickyboy1981

Full Member
Joined
Feb 3, 2007
Messages
261
Given the size of our fan base, they could have hit the motherlode if they got hold of fans' username and password data that isn't encrypted.

I dread to think what fines for this could equate to.
 

Bastian

Full Member
Joined
Jul 16, 2015
Messages
18,444
Supports
Mejbri
So what happened with this? I'm waiting for embarrassing information being leaked..
 

Lennon7

nipple flasher and door destroyer
Joined
May 8, 2013
Messages
10,473
Location
M5
It's probably a ransomware attack. But credit card details of fans, access to club's finance details, wage bill etc, a whole load of confidential emails etc. Could be quite damaging to the club...
There’s cyber specialists out there, usually appointed through your insurer, that can recover all those sort of things within limits.
 

decorativeed

Full Member
Joined
Oct 19, 2009
Messages
12,331
Location
Tameside
As an update to this, my friends who work at United are now having to go into offices with no air conditioning, as the cyber attack crippled it and they've not bothered getting it sorted. Also a warning to anyone daft enough to want to go on the stadium tour.
 

Fully Fledged

Full Member
Joined
May 23, 2013
Messages
16,147
Location
Midlands UK
What do you get out of hacking a football club?
When somebody did City they got all the information on how they were breaking the Fair Play Rules. A lot of people gave them their bank details yesterday to sign up to watch the match. People are renewing their season tickets with their bank details. People are buying merchandise from the club store using their bank details. The list goes on.
 

Champ

Refuses to acknowledge existence of Ukraine
Joined
Jun 17, 2017
Messages
9,888
As an update to this, my friends who work at United are now having to go into offices with no air conditioning, as the cyber attack crippled it and they've not bothered getting it sorted. Also a warning to anyone daft enough to want to go on the stadium tour.
Have a stadium tour booked in a few weeks, can't imagine the hot weather will last til then though :lol: :lol:
 

decorativeed

Full Member
Joined
Oct 19, 2009
Messages
12,331
Location
Tameside
Was kind of hoping the dressing rooms would be completed in time...
They probably will be, but they're probably not going to let a load of potential virus carriers go in there. They weren't doing before the changing rooms were shut for redevelopment.